Towards Secure Scripting Development

Total Page:16

File Type:pdf, Size:1020Kb

Towards Secure Scripting Development Towards Secure Scripting Development Facundo Ferrer Andres More [email protected] [email protected] Argentina Software Development Center (Intel) Abstract This work reflects two separate efforts towards implementing security awareness in projects being developed using scripting languages. The same development process was used in both projects which included a specific focus on security. Besides summarizing lessons learned, this work recommends automatic tools for static code analysis to ensure that usual pitfalls are avoided from the very beginning. This work contributes with an overview of specific insights on Perl and Python security, together with a list of publicily available support tools, and how they are best applied and integrated into the development process. The proposed development framework is based on a supporting infrastructure which minimizes effort on peer reviews and allows early identification of security issues, making their resolution easier and cheaper. 1 Introduction This works shows the experience on how scripting development can be done with a security focus. Besides best known methods on secure development, specifics about the Perl and Python programming languages are discussed in detail. 1.1 Background Among the different programming languages being used around the world, scripting languages account for a significant portion. As of today, Python holds the 6th and Perl the 9th position on the ranking of the most popular languages according to TIOBE. See figure 1 for the April 2011 TIOBE index. 1 40JAIIO - WSegI 2011 - ISBN: 978-987-1312-22-1 - Página 42 April '11 April '10 Delta Language Rating 1 2 " Java 19.043% 2 1 # C 16.162% 3 3 = C++ 9.225% 4 6 "" C# 7.185% 5 4 # PHP 6.584% 6 7 " Python 4.931% 7 5 ## Visual Basic 4.682% 8 11 """ Objective-C 4.386% 9 8 # Perl 1.991% 10 10 = Javascript 1.512% Figure 1: TIOBE Index of Programming Languages (April 2011) Scripting languages are popular because their use does not requires of a compiler or any complex toolchain, as they are interpreted on-the-fly at runtime. In the case of major GNU/Linux distributions, the basic script runtimes are available by default with their base installation. Scripting languages are multiple purpose. Besides to have a low learning curve and to be easily found, they glue different system services and applica- tions, taking advantage of the UNIX philosophy of providing independent tools and filters. Scripts are wonderful tools to do task sketching, allowing early identification of next steps by using a throw-away prototype. Moreover, as scripts can be seen as a set of commands in a text file, it is easy to learn from the examples available on the system. Almost by definition, scripts files are readable by the user executing them. People find useful the idea of automating their iterative tasks in a way similar to what is done manually on the command line console. 1.2 Problem Definition Scripting programming languages such as Perl and Python are mostly used at system level to coordinate services and even to implement administrative tools such as packaging systems. They are also the preferred choice to implement tasks to be done during system startup and shutdown. These tasks require the enforcement of privileges as their action will impact on the operating system behavior; affecting any application, service or data. When running with privileges at system level, any wrong input or unhandled scenario may drastically impact the system. For instance, any malicious input may be executed as a system command with administrative rights. 1.3 Related Work Secure coding in scripting languages has been considered worldwide by different people [2] [3] [4]. The development of supporting tools [5] and even the inclusion of new security features on the scripting languages is also work in progress [6] [7]. 2 40JAIIO - WSegI 2011 - ISBN: 978-987-1312-22-1 - Página 43 2 Secured Software Development Process 2.1 Security Oriented Activities Before entering into the specific details for scripting languages, there are several considerations which apply to the stages of the development process itself. These considerations follow the Security Development Lifecycle, which was developed at Microsoft to save costs and resources during development [8]. This process specifies security concepts including the usage of checklists, tools to double check security threats, security oriented peer reviews and specialized testing. Development Stage Security Activity Definition Training Architecture Design Patterns Design Design Reviews Early Implementation Automated Support Final Implementation Peer Reviews Testing Specialized Testing Figure 2: Security Oriented Activities An overview of the security related activities per process stage is shown at figure 2. Although similar to the usual development activities for quality assurance, the list considers specific security oriented topics. During project definition, the development team as a whole needs to review security topics including Writing Security Requirements, Secure Architecture, Secure Design, Secure Coding and Testing Security. Investing some hours on informal discus- sions around the security features and pitfalls of the technology to be used for development will save a lot of headaches later on. Once hands-on development has started, Architecture and Design should consider the usage of secure design patterns [9], having explicit reviews with fo- cus on security aspects such as authentication and authorization. While starting the coding phase, the team needs to put enfasis on the establishment of auto- mated support to track product changes, and before concluding implementation a detailed review of critical sections of the codebase needs to be completed. In the case of iterative development, we can clasify the security activities according to their occurence as shown in figure 3. Basis Security Activity Once Training, Automated Support Every Iteration Gap Analysis, Peer Review, Testing As Required Architecture and Design Reviews Major Release Penetration Testing Figure 3: Security Oriented Activities with Iterative Development 3 40JAIIO - WSegI 2011 - ISBN: 978-987-1312-22-1 - Página 44 2.2 General Considerations 2.2.1 Best Known Methods During every phase of a development process, security checklist needs to be available and completed. Once in firefighting mode, it is inevitable that the urgency will trump importance. Keeping a hardcopy of the activities and their expected deliverables is a valuable asset for the team. In the case of security, it is really important to keep focus and a critical mindset during the end-to-end product development. Checkpoints should be established to review development milestones with recognized security experts when available. The key milestones to consider are usually the completion of each stage: definition, architecture, design, coding and testing. Design reviews with focus in security are other important discipline to follow. Each time complex features or bug fixes are faced, consideration must be taken to check if they might deserve security reviews. In particular this should be done every time the design is modified; with special emphasis if the design is being done for the first time. Code peer-reviews with focus in security should also be done by all the de- velopment team, including the testing and quality assurance members. Critical sections handling authorization or privileges should be carefully reviewed every time they are updated. If the product execution handles significant parsing of data, enforcing au- tomated fuzzy testing of malformed data should be mandatory; bugs on input validation came from the abuse of regular expression features. Fuzzy testing al- lows the team to exercise error handling and input validation by using randomly generated information. All sources of the project deliverables should be kept over version control in order to avoid loosing effort due to human mistakes and to be able to reproduce a reported issue with an old version of the code. 2.2.2 Static Analysis From the efficiency point of view, the development team should remove low priority issues in the code as soon as possible. Wrong indentation, spellchecking and other cosmetic findings should be automatically detected and fixed early during development, not during peer review or testing. In this way, the effort required to solve them is substantially lower and hence frees up effort for other tasks and activities adding more value to the product being developed. To enforce automatic analysis of code, static analyzers should be used. An ideal static analyzer tool shall have the following characteristics: 1. configurable: the execution of rules shall be configurable; allowing the user to decide which ones will be enforced. 4 40JAIIO - WSegI 2011 - ISBN: 978-987-1312-22-1 - Página 45 2. severity levels: the rules should be split into different levels and the levels should be selectable at runtime; allowing to easily categorize and prioritize the findings when applying the tool for first time. 3. extensibility: the rules should be easily extended; allowing the team to include new ones when analyzing the outcome of peer reviews to identify usual issues to avoid in the future. 4. deterministic heuristics: if the tool applies heuristics to determine an improvement opportunity, it must not show different results over the same set of files. 3 Perl 3.1 Security Overview Perl was developed by Larry Wall [10] as a general-purpose scripting language mostly targeting the processing of text. It is used mostly at system level. The overall syntax derives from the C language which allowed significant popularity. Regarding security at Perl, the basic starting point is the perlsec manual page. The discussion there defines vulnerability contact information and ana- lyzes main mechanisms and concerns to keep in mind during development. Perl provides a built-in mode to reduce security threats due malicious input. This taint mode enables an enforcement of input validation and issues a warn- ing at runtime unless the data is sanitized with a regular expression or one of several built-in functions.
Recommended publications
  • Referência Debian I
    Referência Debian i Referência Debian Osamu Aoki Referência Debian ii Copyright © 2013-2021 Osamu Aoki Esta Referência Debian (versão 2.85) (2021-09-17 09:11:56 UTC) pretende fornecer uma visão geral do sistema Debian como um guia do utilizador pós-instalação. Cobre muitos aspetos da administração do sistema através de exemplos shell-command para não programadores. Referência Debian iii COLLABORATORS TITLE : Referência Debian ACTION NAME DATE SIGNATURE WRITTEN BY Osamu Aoki 17 de setembro de 2021 REVISION HISTORY NUMBER DATE DESCRIPTION NAME Referência Debian iv Conteúdo 1 Manuais de GNU/Linux 1 1.1 Básico da consola ................................................... 1 1.1.1 A linha de comandos da shell ........................................ 1 1.1.2 The shell prompt under GUI ......................................... 2 1.1.3 A conta root .................................................. 2 1.1.4 A linha de comandos shell do root ...................................... 3 1.1.5 GUI de ferramentas de administração do sistema .............................. 3 1.1.6 Consolas virtuais ............................................... 3 1.1.7 Como abandonar a linha de comandos .................................... 3 1.1.8 Como desligar o sistema ........................................... 4 1.1.9 Recuperar uma consola sã .......................................... 4 1.1.10 Sugestões de pacotes adicionais para o novato ................................ 4 1.1.11 Uma conta de utilizador extra ........................................ 5 1.1.12 Configuração
    [Show full text]
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb
    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae
    [Show full text]
  • Pragmaticperl-Interviews-A4.Pdf
    Pragmatic Perl Interviews pragmaticperl.com 2013—2015 Editor and interviewer: Viacheslav Tykhanovskyi Covers: Marko Ivanyk Revision: 2018-03-02 11:22 © Pragmatic Perl Contents 1 Preface .......................................... 1 2 Alexis Sukrieh (April 2013) ............................... 2 3 Sawyer X (May 2013) .................................. 10 4 Stevan Little (September 2013) ............................. 17 5 chromatic (October 2013) ................................ 22 6 Marc Lehmann (November 2013) ............................ 29 7 Tokuhiro Matsuno (January 2014) ........................... 46 8 Randal Schwartz (February 2014) ........................... 53 9 Christian Walde (May 2014) .............................. 56 10 Florian Ragwitz (rafl) (June 2014) ........................... 62 11 Curtis “Ovid” Poe (September 2014) .......................... 70 12 Leon Timmermans (October 2014) ........................... 77 13 Olaf Alders (December 2014) .............................. 81 14 Ricardo Signes (January 2015) ............................. 87 15 Neil Bowers (February 2015) .............................. 94 16 Renée Bäcker (June 2015) ................................ 102 17 David Golden (July 2015) ................................ 109 18 Philippe Bruhat (Book) (August 2015) . 115 19 Author .......................................... 123 i Preface 1 Preface Hello there! You have downloaded a compilation of interviews done with Perl pro- grammers in Pragmatic Perl journal from 2013 to 2015. Since the journal itself is in Russian
    [Show full text]
  • Effective Perl Programming
    Effective Perl Programming Second Edition The Effective Software Development Series Scott Meyers, Consulting Editor Visit informit.com/esds for a complete list of available publications. he Effective Software Development Series provides expert advice on Tall aspects of modern software development. Books in the series are well written, technically sound, and of lasting value. Each describes the critical things experts always do—or always avoid—to produce outstanding software. Scott Meyers, author of the best-selling books Effective C++ (now in its third edition), More Effective C++, and Effective STL (all available in both print and electronic versions), conceived of the series and acts as its consulting editor. Authors in the series work with Meyers to create essential reading in a format that is familiar and accessible for software developers of every stripe. Effective Perl Programming Ways to Write Better, More Idiomatic Perl Second Edition Joseph N. Hall Joshua A. McAdams brian d foy Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Capetown • Sydney • Tokyo • Singapore • Mexico City Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals. The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
    [Show full text]
  • Extreme Programming in Perl
    Extreme Programming in Perl Robert Nagler February 22, 2017 Copyright c 2004 Robert Nagler Licensed under a Creative Commons Attribution 4.0 International License [email protected] Contents Preface ix 1 The Problem 1 1.1 Some Statistics . .2 1.2 Risk Averse Methodologies . .2 1.3 Fostering Failure . .3 1.4 Get Me a Rock . .4 1.5 Requirements Risk . .5 1.6 Let's Rock And Roll . .5 2 Extreme Programming 7 2.1 Core Values . .8 2.2 Communication . .9 2.3 Simplicity . .9 2.4 Feedback . 10 2.5 Courage . 11 2.6 The Practices . 12 2.7 Adopting XP . 13 3 Perl 15 3.1 Core Values . 15 3.2 Customer-Orientation . 16 3.3 Testing . 16 3.4 CPAN . 17 3.5 Organizing Your Workshop . 17 4 Release Planning 19 4.1 Planning Game . 20 4.2 Roles . 20 4.3 Stories . 20 4.4 On-site Customer . 21 4.5 Story Cards . 21 4.6 Dead Wood . 24 4.7 Estimation . 25 iii 4.8 Easing Estimation . 26 4.9 Spike Solutions . 26 4.10 Prioritization . 27 4.11 All the Facts . 28 4.12 Small Releases . 28 5 Iteration Planning 31 5.1 Tasks . 31 5.2 The Meeting . 32 5.3 Get Me a Bucket . 33 5.4 Velocity . 33 5.5 Watch Your Speed . 34 5.6 Customer Priorities . 34 5.7 Taking Care of Business . 35 5.8 The Beat Goes on . 35 6 Pair Programming 37 6.1 Quality . 37 6.2 How It Works . 38 6.3 Ease on down the Road .
    [Show full text]
  • Towards Left Duff S Mdbg Holt Winters Gai Incl Tax Drupal Fapi Icici
    jimportneoneo_clienterrorentitynotfoundrelatedtonoeneo_j_sdn neo_j_traversalcyperneo_jclientpy_neo_neo_jneo_jphpgraphesrelsjshelltraverserwritebatchtransactioneventhandlerbatchinsertereverymangraphenedbgraphdatabaseserviceneo_j_communityjconfigurationjserverstartnodenotintransactionexceptionrest_graphdbneographytransactionfailureexceptionrelationshipentityneo_j_ogmsdnwrappingneoserverbootstrappergraphrepositoryneo_j_graphdbnodeentityembeddedgraphdatabaseneo_jtemplate neo_j_spatialcypher_neo_jneo_j_cyphercypher_querynoe_jcypherneo_jrestclientpy_neoallshortestpathscypher_querieslinkuriousneoclipseexecutionresultbatch_importerwebadmingraphdatabasetimetreegraphawarerelatedtoviacypherqueryrecorelationshiptypespringrestgraphdatabaseflockdbneomodelneo_j_rbshortpathpersistable withindistancegraphdbneo_jneo_j_webadminmiddle_ground_betweenanormcypher materialised handaling hinted finds_nothingbulbsbulbflowrexprorexster cayleygremlintitandborient_dbaurelius tinkerpoptitan_cassandratitan_graph_dbtitan_graphorientdbtitan rexter enough_ram arangotinkerpop_gremlinpyorientlinkset arangodb_graphfoxxodocumentarangodborientjssails_orientdborientgraphexectedbaasbox spark_javarddrddsunpersist asigned aql fetchplanoriento bsonobjectpyspark_rddrddmatrixfactorizationmodelresultiterablemlibpushdownlineage transforamtionspark_rddpairrddreducebykeymappartitionstakeorderedrowmatrixpair_rddblockmanagerlinearregressionwithsgddstreamsencouter fieldtypes spark_dataframejavarddgroupbykeyorg_apache_spark_rddlabeledpointdatabricksaggregatebykeyjavasparkcontextsaveastextfilejavapairdstreamcombinebykeysparkcontext_textfilejavadstreammappartitionswithindexupdatestatebykeyreducebykeyandwindowrepartitioning
    [Show full text]
  • Java B E a Ns ™” - Ed Ro M an W W W.Theserverside.Co M Page 23 What Else Do We Need
    #1447: Applications Development for Linux/IPF® Joel Berman Itanium Linux Marketing Manager Linux is Linux develop once, deploy often! so me workloads run best on IPF so me workloads run best on IA32 November 17, 2003 page 2 What is the benefit of 64- bits? Big Numbers Big Memory Wide data November 17, 2003 page 3 Intel® Spring Analyst Meeting November 17, 2003 page 4 When to deploy Linux on Itanium? Some Positioning Guidelines Linux on Itaniu m or IA-32? Large data sets Yes (>1 TB)? No Yes M e m ory intensive a p ps (> 4 G B)? No Floating point intensive Yes apps? No Want to port & migrate existing 64-bit Yes apps from a proprietary platfor m ? No Want to deploy multiple O S’s on a single Yes 64-bit platfor m for investment protection? No Itanium IA-32 November 17, 2003 page 5 Market Opportunities & Committed ISVs W o r klo a d s Needs Key ISVs Com mitted High-Performance Technical Heavy use of floating-point operations Adina, MSC.Software, Accelrys, Computing Large data sets Earth Decision Sciences, scientific research 64-bit computing with high memory bandwidth Metacomp Technologies, life & materials sciences and low latency means faster calculations, more Mecalog, Platform Computing, oil & gas in-depth data analysis, and more vivid, precise Linux NetworX, Scyld, Scali, government & defense modeling and simulation – all for quicker time-to- Cluster File Systems, … computer-aided engineering breakthroughs Large Database Applications Load entire databases into memory for faster Oracle9i, Sybase Adaptive data warehousing &
    [Show full text]
  • December 2009 (PDF)
    DECEMBER 2009 VOLUME 34 NUMBER 6 OPINION Musings 2 Rik Farrow SECURITY The Conflicts Facing Those Responding to Cyberconflict 7 DaviD DittRich THE USENIX MAGAZINE Top 10 Web Hacking Techniques: “What’s Possible, Not Probable” 16 JeRemiah GRossman Hardening the Web with NoScript 21 Giorgio maone Correct OS Kernel?­ Proof? Done! 28 GeRwin klein Improving TCP Security with Robust Cookies 35 Perry metzGeR, willia m allen simPson, anD Paul vixie COLUMns Practical Perl Tools: Essential Techniques 44 DaviD n. Blank-Edelman Pete’s All Things Sun: Swaddling Applications in a Security Blanket 51 PeteR BaeR Galvin iVoyeur: 7 Habits of Highly Effective Nagios Implementations 57 Dave JosePhsen /dev/random: A Realist’s Glossary of Terms Widely Employed in the Information Security Arena 62 RoBeRt G. Ferrell BooK reVieWS Book Reviews 65 elizaBeth zwicky et al. useniX NOTES 2010 Election for the USENIX Board of Directors 70 ellie younG USACO Teams Shine 71 RoB kolstaD ConFerences Reports from the 18th USENIX Security Symposium 73 Reports from the 2nd Workshop on Cyber Security Experimentation and Test (CSET ’09) 101 Reports from the 4th USENIX Workshop on Hot Topics in Security (HotSec ’09) 108 The Advanced Computing Systems Association dec09covers.indd 1 10.29.09 10:09:48 AM Upcoming Events Fi r s t Wo r k s h o p o n su s t a i n a b l e in F o r m a t i o n 2n d USENIX Wo r k s h o p o n ho t to p i c s in te c h n o l o g y (su s t a i n IT ’10) pa r a l l e l i s m (ho t pa r ’10) Co-located with FAST ’10 Sponsored by USENIX in cooperation with ACM
    [Show full text]
  • Effective Perl.Pdf
    Effective Perl Programming Second Edition The Effective Software Development Series Scott Meyers, Consulting Editor Visit informit.com/esds for a complete list of available publications. he Effective Software Development Series provides expert advice on Tall aspects of modern software development. Books in the series are well written, technically sound, and of lasting value. Each describes the critical things experts always do—or always avoid—to produce outstanding software. Scott Meyers, author of the best-selling books Effective C++ (now in its third edition), More Effective C++, and Effective STL (all available in both print and electronic versions), conceived of the series and acts as its consulting editor. Authors in the series work with Meyers to create essential reading in a format that is familiar and accessible for software developers of every stripe. Effective Perl Programming Ways to Write Better, More Idiomatic Perl Second Edition Joseph N. Hall Joshua A. McAdams brian d foy Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Capetown • Sydney • Tokyo • Singapore • Mexico City Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals. The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
    [Show full text]
  • A Comparative Case Study on Tools for Internal Software Quality Measures
    A Comparative Case Study on Tools for Internal Software Quality Measures Bachelor of Science Thesis in Software Engineering and Management MAYRA NILSSON Department of Computer Science and Engineering UNIVERSITY OF GOTHENBURG CHALMERS UNIVERSITY OF TECHNOLOGY Gothenburg, Sweden 2018 The Author grants to University of Gothenburg and Chalmers University of Technology the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let University of Gothenburg and Chalmers University of Technology store the Work electronically and make it accessible on the Internet. {A Comparative Case Study on Tools for Internal Software Quality Measures} {MAYRA G. NILSSON } © {MAYRA G. NILSSON}, June 2018. Supervisor: {LUCAS GREN}{VARD ANTINYAN} Examiner: {JENIFFER HORKOFF} University of Gothenburg Chalmers University of Technology Department of Computer Science and Engineering SE-412 96 Göteborg Sweden Telephone + 46 (0)31-772 1000 [Cover: Generated image based on keywords used in this
    [Show full text]
  • Master's Thesis Maintainability Aspects of the Website
    Die approbierte Originalversion dieser Diplom-/Masterarbeit ist an der Hauptbibliothek der Technischen Universität Wien aufgestellt (http://www.ub.tuwien.ac.at). The approved original version of this diploma or master thesis is available at the main library of the Vienna University of Technology (http://www.ub.tuwien.ac.at/englweb/). Master’s Thesis Maintainability Aspects of the Website Development Life Cycle carried out at the Information Systems Institute Distributed Systems Group Technical University of Vienna under the guidance of Univ.Prof. Dr. Schahram Dustdar and Univ.Ass. Dipl.Ing. Dr. Clemens Kerer and Univ.Ass. Dipl.Ing. Martin Vasko as the contributing advisors responsible by Markus Krump¨ock Kogelweg 11, 2631 Sieding Matr.Nr. 9571186 Vienna, August 2008 i 0.1 Abstract The development of websites often happens in an “ad hoc” manner. There- fore changes in requirements (for example a graphic redesign) often lead to a complete rebuild from scratch. To make things even worse, websites and web applications are, due to a highly dynamic web, more often object of changes, compared to classical software for the desktop, since they not only consist of software but also content and the rollout of changes is much more easy. The variety of programming languages and technologies for the development of dynamic web applications and the availability of many different frameworks and template engines make things more complicated. Therefore the goal of this thesis is to develop some “best practices” and guidelines for how to design and implement websites for maintainability in order to create websites with a long lifetime without doing complete rebuilds.
    [Show full text]
  • Introduction to Perl
    Introduction to Perl March 8, 2011 by Benjamin J. Lynch http://msi.umn.edu/~blynch/tutorial/perl.pdf © 2010 Regents of the University of Minnesota. All rights reserved. Supercomputing Institute for Advanced Computational Research Outline • What Perl Is • When Perl Should Be used • Basic Syntax • Examples and Hands-on Practice • More built-in functions • Useful Tools to Manage Your Code © 2010 Regents of the University of Minnesota. All rights reserved. Supercomputing Institute for Advanced Computational Research Perl Is • a very useful scripting language • a language with many modules available to execute specific tasks in various scientific fields • a language used to generate web content and interact with databases • a language used to parse output text and organize results • a language used to “glue” programs together © 2010 Regents of the University of Minnesota. All rights reserved. Supercomputing Institute for Advanced Computational Research Perl Is • an interpreted language –Perl scripts/programs do not need to be compiled as a separate step. –After you write a Perl script, you can immediately have a Perl interpreter execute the script. © 2010 Regents of the University of Minnesota. All rights reserved. Supercomputing Institute for Advanced Computational Research Perl Is • A language with minimal syntactic limitations –A long Perl script can be written on a single line –There is no required indentation for control structures –Perl has dynamically-typed variables, so a string can turn into an integer on the fly. © 2010 Regents of the University of Minnesota. All rights reserved. Supercomputing Institute for Advanced Computational Research Running a Basic Perl Script • Log in • Open a text editor like vi, pico, or gedit • Enter the 3 lines below and save the file as hello.pl #!/usr/local/bin/perl use strict; print “Hello \n”; © 2010 Regents of the University of Minnesota.
    [Show full text]